CNNVD-202510-1477 Information

CNNVD ID

CNNVD-202510-1477

Related CVE

CVE-2025-40640

• CNNVD Published: 2025-10-10

Description (Chinese)

Energy CRM是英国Energy公司的一个企业资源管理系统。 Energy CRM v2025版本存在跨站脚本漏洞，该漏洞源于对文件/crm/create_invoice_submit.php中参数customerName_0的输入验证不足，可能导致存储型跨站脚本攻击。

Description (English)

Energoprojekt CRM is an enterprise resource management system (ERPS) of the British company Energoprojekt. There is a cross-site script loophole in Energy CRM v2025, which results from inadequate input verification of the parameter in file/crm/create inview submit.php.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Energy

Published

2025-10-10

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-energy-crm-status-tracker